18 Jul SEBI Cautions Regulated Entities Against the ‘Boss Scam’
|
GS-III: Cyber Security | GS-II: Statutory Bodies (SEBI) | Prelims: SEBI, I4C, AI & Deepfakes |
WHY IS THIS IN NEWS
Trigger for the News Cycle
The Securities and Exchange Board of India (SEBI) has issued a cybersecurity advisory to listed companies and all regulated entities, warning against a rapidly rising fraud called the “Boss Scam.” Specifically, the advisory follows alerts from the Indian Cyber Crime Coordination Centre (I4C) on fraudsters impersonating CEOs, MDs, and senior executives via email, WhatsApp, Microsoft Teams, AI voice cloning, and deepfake video — all aimed at tricking employees into transferring company funds.
WHERE THIS FITS IN THE SYLLABUS
Syllabus Mapping
GS PAPER III (MAINS)
• Cyber Security
• Internal Security
• Science & Technology
• Indian Economy — Financial Markets
GS PAPER II (MAINS)
• Statutory Bodies — SEBI
• Governance & Digital Regulation
Prelims Focus Areas: SEBI · I4C · Cyber Security · Digital Payments Security · AI & Deepfake Technology
WHAT IS A BOSS SCAM
Defining the Fraud
A Boss Scam is a type of Business Email Compromise (BEC) or executive-impersonation fraud, in which criminals pose as a senior company official to pressure staff — usually in finance — into moving money urgently and secretly.
COMMON TECHNIQUES USED
• Fake emails
• WhatsApp messages
• Microsoft Teams chats
• AI-generated voice cloning
• Deepfake video calls
• Malware hijacking WhatsApp Web sessions
Ultimately, the common thread across all these techniques is that the fraudster manufactures urgency and secrecy to bypass an employee’s normal judgement and internal checks.
HOW THE SCAM UNFOLDS
Anatomy of an Attack
|
Step |
What Happens |
|
1. Reconnaissance |
Fraudster gathers information on the company and its officials. |
|
2. Impersonation |
Poses as the CEO / Managing Director. |
|
3. AI Deception |
Deploys AI voice cloning or a deepfake video call. |
|
4. Manufactured Urgency |
“Transfer immediately” — leaving no time to verify. |
|
5. Fund Transfer |
Finance employee complies and wires the money. |
|
6. Laundering |
Funds land in mule bank accounts and disappear. |
ABOUT SEBI (PRELIMS MUST-KNOW)
About SEBI
|
Full Form |
Securities and Exchange Board of India |
|
Established |
1988 (as a non-statutory body); given statutory powers later |
|
Statutory Status |
SEBI Act, 1992 |
|
Ministry |
Ministry of Finance |
|
Headquarters |
Mumbai |
|
Chairman |
Appointed by the Government of India |
|
Objective |
Protect investors, regulate the securities market, promote market development |
CORE FUNCTIONS
Broadly, SEBI’s core functions include the following:
• Protect investors
• Regulate stock exchanges
• Register market intermediaries
• Prevent insider trading
• Ensure overall market integrity
• Promote cybersecurity standards in regulated entities
ABOUT I4C (PRELIMS MUST-KNOW)
About I4C
|
Full Form |
Indian Cyber Crime Coordination Centre |
|
Established Under |
Ministry of Home Affairs (MHA) |
|
Helpline |
1930 — National Cyber Fraud Helpline |
|
Purpose |
Coordinate cybercrime investigations; build cyber forensic capacity; run awareness campaigns; operate the National Cyber Crime Reporting Portal; support law enforcement agencies |
WHY THIS ADVISORY MATTERS
Why This Advisory Matters
1. Rising AI-enabled Cybercrime — Realistic voice cloning and deepfakes have made impersonation attacks far more convincing.
2. Financial Market Protection — Moreover, listed companies manage significant public funds, and fraud erodes investor confidence and market stability.
3. Digital Economy Security — Similarly, rapid financial digitisation makes cybersecurity essential for sustaining trust in transactions.
4. Corporate Governance — In turn, the advisory pushes multi-level verification for high-value transactions, strengthening internal controls.
5. The Human Factor (Mains Angle) — Importantly, most successful attacks exploit human psychology rather than technical vulnerabilities, underscoring why employee awareness and verification protocols matter as much as firewalls.
KEY SEBI RECOMMENDATIONS
Key SEBI Recommendations
• Never transfer funds solely on instructions via WhatsApp, email, or social media
• Independently verify payment requests with the concerned senior official
• Avoid opening suspicious ZIP or executable files
• Log out of inactive WhatsApp Web sessions
• Implement multi-factor authentication (MFA)
• Train employees regularly on cyber hygiene
• Report fraud promptly via the Helpline (1930) or the National Cyber Crime Reporting Portal
RELEVANT DATA POINTS FOR ANSWER-WRITING
Relevant Data Points
NCRB — Cybercrime cases in India have risen significantly over the past decade, tracking the expansion of the digital economy.
AI Threat Landscape — Meanwhile, AI-powered phishing, deepfake impersonation, and voice cloning are emerging as major global cybersecurity challenges.
Digital India — Consequently, India runs one of the world’s largest digital payment ecosystems, making robust cybersecurity essential for economic resilience.
CHALLENGES AHEAD & WAY FORWARD
Challenges & Way Forward
CHALLENGES
• Increasing sophistication of AI-generated fraud
• Low cybersecurity awareness among employees
• Rapid growth in digital financial transactions
• Cross-border nature of cybercrime investigations
• Difficulty identifying deepfakes in real time
WAY FORWARD
• Mandatory cybersecurity audits for financial institutions
• AI-based fraud detection systems
• Multi-person approval for high-value transactions
• Continuous employee awareness programmes
• Stronger public-private and global cooperation
• Promotion of zero-trust security architecture
PREVIOUS UPSC LINKAGES
Previous UPSC Linkages
Questions have previously touched Cyber Security, Deepfake Technology, CERT-In, Data Protection, Digital India, Financial Regulators, and Artificial Intelligence. Overall, this topic integrates all of these threads, making it a high-yield, cross-cutting current affairs item for 2027.
PRELIMS PRACTICE QUESTIONS
Prelims Practice Questions
Q1. With reference to the Securities and Exchange Board of India (SEBI), consider the following statements:
• 1. SEBI is a statutory body established under the SEBI Act, 1992.
• 2. It functions under the Ministry of Electronics and Information Technology.
• 3. Additionally, it regulates the securities market and protects investor interests.
Which of the statements given above is/are correct?
A. 1 and 2 only B. 2 only C. 1 and 3 only D. 1, 2 and 3
|
Answer: C. Statement 1 — Correct: SEBI derives statutory powers from the SEBI Act, 1992. The second — Incorrect: SEBI functions under the Ministry of Finance, not MeitY. The third — Correct: investor protection and market regulation are SEBI’s core mandate. |
Q2. The term “Boss Scam,” recently seen in news, refers to:
A. Insider trading by company executives B. Cyber fraud in which criminals impersonate senior executives to induce fraudulent fund transfers C. Manipulation of stock prices by promoters D. Unauthorized algorithmic trading in stock exchanges
|
Answer: B. A Boss Scam is executive-impersonation fraud, often using email, messaging platforms, AI voice cloning, or deepfakes to persuade employees — especially finance staff — to transfer funds to fraudulent accounts. |
MAINS PRACTICE QUESTION
Mains Practice Question
|
GS-II / GS-III · 250 words · 15 marks “Artificial Intelligence has transformed cybercrime from a technical challenge into a governance challenge.” Discuss in the context of recent AI-enabled financial frauds, and examine the role of regulatory institutions like SEBI in strengthening India’s cybersecurity ecosystem. |


No Comments